Are visitors to your website receiving warnings from their web browser reporting it is insecure?
Or maybe you have had people telling you that they have been blocked by their browser or mobile device when trying to visit your website?
All in all, not good for your business and online reputation…
If these types of warnings have been reported, then probably the likely reason is because your website does not have an SSL certificate installed.
Read on to find out what an SSL certificate is, how these errors can be fixed and why you should consider adding an SSL certificate to your website.
How can I tell if my website has an SSL Certificate?
When people visit a website their web browser automatically detects and reports if the site is secure or not. Google Chrome reports this in one of two ways, displaying the result to the left of the URL in the address bar.
- Insecure website – displays a black exclamation mark.
- Secure website – displays a green padlock with the word ‘Secure’ next to it.
Other web browsers such as Internet Explorer and Mozilla Firefox, display the result in a similar way.
A website reported as insecure does not have a valid SSL certificate installed, whilst a site reported as secure does have one installed.
Visit your website and look to the left of the address bar, does it have a black exclamation mark or a green padlock?
It’s as easy as that to find out.
What is an SSL Certificate?
An SSL certificate encrypts the connection between your website and your visitor’s web browser so hackers can’t intercept and steal personal information. Normally, SSL certificates can be difficult to install and expensive, but this is changing fast with the introduction of free SSL certificates such as Let’s Encrypt.
SSL (Secure Socket Layer) certificates were first created in 1996 to secure the connection between a website and its end user. Over the years, huge improvements have been made in SSL and in 1999 the name was changed to TLS (Transfer Layer Security). We still use the TLS version today, although the old name of SSL is more commonly used.
Websites that have a valid SSL certificate display a green padlock next to their URL and their address is prefixed with HTTPS instead of HTTP.
Websites that accept personal information, eCommerce sites and even any site that requires users to log in need an SSL certificate to prevent hackers from getting around the connection and stealing the information that passes between the user and the website.
Since all WordPress sites include a login page, even if there is only one user, it is recommended that a SSL certificate is installed.
For example, the latest version of Mozilla gives a warning error if login credentials or other sensitive details are entered from an HTTP-based site which has not migrated to HTTPS yet.
What are the benefits of an SSL?
Not only is there the obvious benefit of securing your website, Google announced in 2014 that switching your website from HTTP to HTTPS would be considered as a ranking factor and give your site a minor ranking boost.
In the future, Google have also stated that they will display insecure website warnings more prominently in Google Chrome, it is expected other web browsers will follow suit. Eventually, Google plan to label all HTTP pages as non-secure, and change the HTTP security indicator to a red warning triangle.
Not a very good impression to give visitors to your website.
How can I add an SSL?
The process of installing an SSL certificate varies between web hosts, a lot of hosts have implemented the free Let’s Encrypt option in to their hosting and it can be installed by one click from within your web hosting control panel.
Other web hosts may only have a paid SSL certificate option, if you are unsure it is best you contact your hosting provider to find out exactly what they offer.
Installing your SSL certificate is just the first step; you will then need to ensure that all references on your website are changed from HTTP to HTTPS. These include links to other internal pages and images. Failing to do this will result in your website being reported as not-secure and having broken HTTPS.
There are a number of tools and plugins available to help you with this, such as the Better Search Replace plugin, but it can be a tricky process.
In the near future, we will publish a comprehensive guide to help you convert your WordPress website from HTTP to HTTPS.
In the meantime, if you need help installing an SSL certificate on your website and moving it from HTTP to HTTPS, or have any questions, then please get in touch!
Stephen Norman is a business owner and WordPress professional from the UK.
Originally an IT engineer, he discovered WordPress when he developed a website for his first business and has been using it ever since.
When not building websites, supporting websites or helping clients improve their online presence, Stephen can be found at the gym, discovering new beers, or visiting places around Europe.
If you wish to get in touch with Stephen, you can do so via Twitter, LinkedIn or through his website.